Back to CVE List

CVE-2018-25200

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-352
Source
NVD
Vendor
Zsoft
Product
OOP CMS BLOG

External References

Discussion (0)

Add Comment

No comments yet. Be the first!